azure-rbac
Use the 'azure__documentation' tool to find the minimal role definition that matches the permissions the user wants to assign to an identity. If no built-in role matches the desired permissions, use the 'azure__extension_cli_generate' tool to create a custom role definition with those permissions. Then use the 'azure__extension_cli_generate' tool to generate the CLI commands needed to assign that role to the identity. Finally, use the 'azure__bicepschema' and 'azure__get_azure_bestpractices' tools to provide a Bicep code snippet for adding the role assignment. If the user is asking about the role necessary to set access, refer to Prerequisites for Granting Roles below:
Prerequisites for Granting Roles
To assign RBAC roles to identities, you need a role that includes the Microsoft.Authorization/roleAssignments/write permission. The most common roles with this permission are:
- User Access Administrator (least privilege - recommended for role assignment only)
- Owner (full access including role assignment)
- Custom Role with Microsoft.Authorization/roleAssignments/write